DAP-1320 wireless range extenders are subject to an ancient vulnerability, CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allowing attackers to execute “dangerous commands directly on the operating system”.

The CERT advisory notes the exploit uses the firmware update mechanism, and while the vuln is only confirmed on version 1.11 released in December 2013, “other firmware versions prior to version 1.21b05 may also be vulnerable”.

Users whose routers run either of thr aforementioned firmware are encouraged to update to versions, 2.0.17-b62 and 1.21b05.

The researchers at Tangible Security, discovered the vulnerabilities and consequently disclosed them to D-Link.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Related

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: archives[email protected]